Privacy Policy

Data Controller

MG Consultant LLC is the data controller responsible for your personal information collected through CareEcho.

Contact Information

Account Information

• Email address and password
• Full name and profile information
• Account preferences and settings

Health & Conversation Data

• Voice recordings and audio data from conversations
• Conversation transcripts and summaries
• Health-related information you choose to share
• Emotional analysis data from voice interactions
• Usage patterns and interaction history

Technical Information

• Device information and browser type
• IP address and location data (if permitted)
• Usage analytics and performance metrics
• Error logs and diagnostic information

Service Provision

• Provide AI-powered health conversations and support
• Generate personalized health insights and recommendations
• Maintain conversation history and continuity
• Improve voice recognition and emotional analysis

Platform Improvement

• Analyze usage patterns to enhance user experience
• Develop and improve AI models and algorithms
• Identify and fix technical issues
• Conduct research for healthcare innovation

Communication

• Send important service updates and notifications
• Provide customer support and assistance
• Share beta testing updates and feedback requests
• Respond to your inquiries and requests

Legal & Safety

• Comply with applicable laws and regulations
• Protect against fraud and security threats
• Enforce our terms of service and policies
• Respond to legal requests and court orders

Service Providers

We may share limited data with trusted service providers who help us operate CareEcho:

• Cloud hosting and infrastructure providers (Vercel, Supabase)
• AI and voice processing services (Hume AI)
• Analytics and performance monitoring tools
• Customer support and communication platforms

Legal Requirements

We may disclose your information when required by law, such as in response to court orders, legal processes, or to protect the rights and safety of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

Security Measures

• End-to-end encryption for all data transmission
• Encrypted storage of all personal and health information
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Secure cloud infrastructure with enterprise-grade protection

Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations. You can request deletion of your data at any time.

Incident Response

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours, as required by applicable privacy laws.

Health Data Handling

• All health information is encrypted and stored securely
• Access is limited to authorized personnel only
• Health data is never used for advertising or marketing
• We comply with applicable health privacy regulations

Your Control

• You choose what health information to share
• You can delete health conversations at any time
• You can opt out of health data analysis features
• You maintain ownership of your health information

Beta-Specific Data Use

• Enhanced logging for debugging and improvement
• User feedback and testing data collection
• Performance monitoring and error tracking
• Feature usage analytics for development

Confidentiality Requirements

• Do not share screenshots or recordings publicly
• Do not discuss detailed features without written consent
• Report bugs and issues through official channels only
• Respect the confidential nature of beta testing

Types of Cookies

Data Transfers

Your information may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place for international data transfers.

Regional Compliance

• GDPR (EU): Full compliance with European data protection laws
• CCPA (California): California Consumer Privacy Act protections
• PIPEDA (Canada): Personal Information Protection compliance
• Other Jurisdictions: Adherence to local privacy requirements

Notification of Changes

• Email notification for significant changes
• In-app notifications for policy updates
• Updated "Last Modified" date on this page
• 30-day notice period for material changes